## Summary: Huge leak of token addresses in (be.whalefin.com) and huge leak of js files ## Steps To Reproduce: [add details for how we can reproduce the issue] 1. You can see huge leak of token add ...

Continue Reading

November 29, 2022

[![TikTok Challenge](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgmYvJ-0YqFhJc1NnMdGBr2ExEPECjYV6qTA9YBIXyAVs067f89dXeYtALNYL03RsBeGiv7Hzg2Ac5x-zRFKtYq71itvJ1tfYApYBOSO-GxYkzE-c5s1M4KFgi ...

Continue Reading

November 29, 2022

org.opendaylight.aaa:aaa-idm-store-h2 is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the `deleteUser` function in `UserStore.java` allows a malicious user to i ...

Continue Reading

November 28, 2022

org.opendaylight.aaa:aaa-idm-store-h2 is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the `deleteRole` function in `RoleStore.java` allows a malicious user to i ...

Continue Reading

November 28, 2022

### Impact On sites where members is enabled (this is the default) it is possible for members (unprivileged users) to make changes to newsletter settings. This gives unprivileged users the ability to ...

Continue Reading

November 28, 2022

The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and se ...

Continue Reading

November 28, 2022

### Impact On sites where members is enabled (this is the default) it is possible for members (unprivileged users) to make changes to newsletter settings. This gives unprivileged users the ability to ...

Continue Reading

November 28, 2022

Wordfence 7.8.0 is out! A huge thanks to our quality assurance team, our team of developers and our ops team for planning, implementing and releasing Wordfence 7.8.0. This release has several fixes to ...

Continue Reading

November 28, 2022